Protect your industrial network from internal threats by limiting access to physical devices such as USB ports and cables.
By Chris Woods, Sr., Industrial Automation Technical Systems Engineer, Panduit, on behalf of Industrial IP Advantage
This article was originally published on www.industrial-ip.org.
Hackers are commonly considered the biggest bad guys in the digital world. However, outsiders aren't the only threats to network security.
Insiders create risks every day, both accidentally and intentionally: the engineer plugging a flash drive into the system could unknowingly load a virus; the operator could innocently click on an unknown link in his email; the disgruntled night-shift employee could unplug a few cables and cripple a system.
Unlike most external threats, the root of many internal threats is physical — like the open USB port accessed by the unassuming engineer or the cables pulled by the renegade employee.
These physical vulnerabilities require physical protections, such as these four:
Block the USB Port
Because almost every device in your plant has one, the USB port is the easiest way to introduce viruses into or remove secrets from a system. Therefore, treat USB ports as your first line of defense against internal threats.
An effective solution: removable or permanent USB block-outs. These are inserted and locked into the port, and can be removed only with a special tool. Like child-proof electrical-outlet covers, block-outs protect the port from unauthorized intruders.
Protect the Plugs
Network systems can be shut down if someone unplugs a cable or plugs it into the wrong location. Cable ports can be blocked with a device similar to those used to protect USB ports. Cables also can be locked into a port to prevent unwanted unplugging.
Port security can be heightened further by using a color-coded and fitted cable and port system. Each type of port can have a unique color and shape that lines up with a specific type of cable. For example, the blue cable will only fit into the blue port, the orange cable into the orange port, making it impossible for a cable to be plugged into the wrong place.
Cover the Cables
The U.S. Navy uses cables encased in a metal conduit to protect their critical information systems from tampering. Manufacturers can do the same, as well as place important wires in covered pathways along the wall or ceiling. This increases the time, labor and visibility necessary for someone to break in — especially if the cables themselves are armored.
Ideally, these pathways should be redundant and separated from one another. That way, if something happens with the cables in one part of the plant, duplicate cables in another part of the plant — and the operations they control — remain unaffected.
Get in the Zone
If cables are the arteries of industrial communication, the switch is the heart, and it needs protection to prevent someone from reconfiguring it and creating cascading effects on operations. If it's in an enclosure, the enclosure should have a lock; whether in an enclosure or mounted on a machine, unused ports should be physically and logically disabled.
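One way to check the "logically disabled" half of that advice is to audit a saved switch configuration. The following is an added example, not part of the original article: it assumes an IOS-style configuration syntax, assumes that every port in use carries a description, and uses a constructed sample config and hypothetical function names.

```python
import re

# Constructed sample of an IOS-style running-config; not taken from the article.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 description PLC-Line-3
!
interface GigabitEthernet1/2
 switchport mode access
!
interface GigabitEthernet1/3
 shutdown
!
interface GigabitEthernet1/4
 no shutdown
!
interface Vlan10
 no shutdown
!
"""

def parse_interfaces(config_text):
    """Return {interface name: [sub-command lines]} for each interface stanza."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        m = re.match(r"^interface\s+(\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a top-level command ends the stanza
    return interfaces

def ports_to_disable(config_text):
    """List physical ports that are enabled but carry no description."""
    # Assumption: a port in use has a 'description'; one without it and
    # without 'shutdown' is treated as unused and still logically enabled.
    flagged = []
    for name, lines in parse_interfaces(config_text).items():
        if not re.match(r"(?i)(fast|gigabit|tengigabit)?ethernet", name):
            continue  # skip VLAN, loopback and other logical interfaces
        shut = "shutdown" in lines  # 'no shutdown' is a different line
        described = any(l.startswith("description ") for l in lines)
        if not shut and not described:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print("\n".join(ports_to_disable(SAMPLE_CONFIG)))
```

Ports the audit lists are candidates for both a physical block-out and an administrative shutdown once someone has confirmed they are unused.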
Based in Tinley Park, Illinois, Panduit is a Rockwell Automation Strategic Alliance Partner. The company provides solutions that help customers optimize the physical infrastructure through simplification, increased agility and operational efficiency. Panduit's Unified Physical Infrastructure℠ (UPI)-based solutions give enterprises the capabilities to connect, manage and automate communications, computing, power, control and security systems for a smarter, unified business foundation.